Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nova vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote malicious users to cause a denial of service (resource consump...
Openstack Cinder Folsom -
Openstack Keystone Essex -
Openstack Folsom -
Openstack Grizzly -
Openstack Compute \\(nova\\) Essex -
Openstack Compute \\(nova\\) Folsom -
NA
CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
Openstack Essex
Openstack Nova 2011.3
NA
CVE-2014-7520
The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Nova921 Nova 92.1 Fm 1
NA
CVE-2012-3447
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x prior to 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability...
Openstack Nova 2012.1
Openstack Folsom
7.5
CVSSv3
CVE-2017-5936
OpenStack Nova-LXD prior to 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote malicious users to bypass intended security restrictions.
Canonical Ubuntu Linux 16.04
Openstack Nova-lxd
NA
CVE-2014-7231
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Openstack Cinder
Openstack Nova
Openstack Trove
Redhat Openstack 5.0
6.1
CVSSv3
CVE-2021-3654
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
Openstack Nova
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
NA
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Openstack Trove
Openstack Cinder
Openstack Nova
Redhat Openstack 5.0
Canonical Ubuntu Linux 14.04
5.5
CVSSv3
CVE-2013-0326
OpenStack nova base images permissions are world readable
Openstack Nova -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2018-19023
Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
Hetronic Nova-m Firmware
Hetronic Es-can-hl Firmware
Hetronic Bms-hl Firmware
Hetronic Mlc Firmware
Hetronic Dc Mobile Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »